﻿using EnvirProtection.App_Start;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using System.Web;
using System.Web.Http.Filters;
using System.Web.Http.Results;
using webapi.Common;

namespace EnvirProtection.Security
{
    public class IdentityBasicAuthentication : IAuthenticationFilter
    {
        public bool AllowMultiple { get; }

        public Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
        {
            //1.获取token
            context.Request.Headers.TryGetValues("token", out var tokenHeaders);
            //2.如果没有token，不做任何处理
            if (tokenHeaders == null||!tokenHeaders.Any())
            {
                //var result = new CancellationToken(false);
                //context.ErrorResult.ExecuteAsync(result);
              return Task.FromResult(0);
            }
            //3.如果token验证通过，则写入到identity,如果未通过则设置错误
            var jwtHelper = new JWTHelper();
            var payLoadClaims = jwtHelper.DecodeToObject(tokenHeaders.FirstOrDefault(), ConstantConfig.JWTContant, out bool isValid, out string errMsg);
            if(isValid)
            {
                var identity = new ClaimsIdentity("jwt", "user", "password");//只要ClaimsIdentity设置了authenticationType，authenticated就为true，后面的authority根据authenticated=true来做权限
                foreach (var keyValuePair in payLoadClaims)
                {
                    identity.AddClaim(new Claim(keyValuePair.Key, keyValuePair.Value.ToString()));
                }
                // http上下文的principal和进程的currentPrincipal都设置
                context.Principal = new ClaimsPrincipal(identity);
                Thread.CurrentPrincipal = new ClaimsPrincipal(identity);
            }
            else
            {
                context.ErrorResult = new ResponseMessageResult(new HttpResponseMessage()
                {
                    StatusCode = HttpStatusCode.ProxyAuthenticationRequired,
                    Content = new StringContent(errMsg)
                });
            }
            return Task.FromResult(0);
        }

        public Task ChallengeAsync(HttpAuthenticationChallengeContext context, CancellationToken cancellationToken)
        {
            return Task.FromResult(0);
        }
    }
}